Log Correlation Engine Software Requirements
| Version |
Software Requirements |
| 6.x |
- An active LCE license
- RHEL/CentOS 7.x, 64-bit
|
Additionally, while LCE is active, it requires exclusive access to certain ports. The only services that are required to support remote users are SSH and the LCE interface (lce). If other services are active on the system, conflicts should be avoided on the following default ports:
| Ports LCE Receives (Listens) On |
| Port |
Description |
| 162/UDP |
SNMP |
| 514/UDP |
Syslog |
| 22/TCP |
SSH, for requests from Tenable.sc |
| 601/TCP |
Syslog |
| 1243/TCP |
Vulnerability detection, if enabled in Tenable.sc |
| 6514/TCP |
Encrypted syslog |
| 8836/TCP |
LCE Administrative Web UI |
| 31300/TCP |
Events from LCE Clients |
| Ports LCE Sends On |
|---|
| Port | Description |
| 514/UDP | Syslog (forwarded) |
| 443/TCP | Pull requests to the plugins feed at plugins.nessus.org |
| 601/TCP | Syslog (forwarded) |
| Ports LCE Uses Over Loopback Interface |
|---|
| Port | Description |
| 7091/TCP | Internal communication, showids to lce_queryd |
| 7092/TCP | Internal communication, lce_tasld to lced |
Caution: The system running the LCE can operate a syslog daemon, but the syslog daemon must not be listening on the same port(s) that the LCE server is listening on.
